ASB-A-213644870
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-213644870.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-213644870
- Aliases
-
- A-213644870
- CVE-2022-20226
- Published
- 2022-07-01T00:00:00Z
- Modified
- 2026-04-21T15:25:42.831358Z
- Summary
- [none]
- Details
-
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10283689925970767745039467515145839613",
"262447069286773819783877630469413526772",
"42710371276610711414791601201715173153",
"166183720595856650804928134883908547633",
"30102194167949942252975857073123632582",
"123398118123314661349505762760018517105",
"204405425560196390556035502911962567381"
]
},
"id": "ASB-A-213644870-040d226c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c54faf3e691b3d952f649756578eab6f8a5d3208",
"target": {
"file": "core/jni/android_view_SurfaceControl.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"109308593953997389863375467451930133254",
"94699768790438915482765790682681872288",
"110023916072507408757555310022252388335",
"215111910697632882604036026239049292193"
]
},
"id": "ASB-A-213644870-2c31844f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c54faf3e691b3d952f649756578eab6f8a5d3208",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"38968290403228463353837298513432406102",
"304528173058242274849033339504350305354",
"101157398416841870061643836720504773637",
"113105747347854439447263763515229602544",
"291314025743564295420860371659408652795",
"314047888469450165801136092425354257071",
"189991891994099775720685819681100013572"
]
},
"id": "ASB-A-213644870-30b72434",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c54faf3e691b3d952f649756578eab6f8a5d3208",
"target": {
"file": "core/java/android/view/SurfaceControl.java"
}
},
{
"digest": {
"length": 639.0,
"function_hash": "83958915429775838570512321188110188733"
},
"id": "ASB-A-213644870-712e9848",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c54faf3e691b3d952f649756578eab6f8a5d3208",
"target": {
"function": "finishDrawingWindow",
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c54faf3e691b3d952f649756578eab6f8a5d3208"
],
"types": [
"EoP"
],
"spl": "2022-07-01",
"severity": "High"
}
Android / platform/frameworks/native
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"158316474625177380927379967336735792071",
"210021420014394732488362221031205883846",
"331030268047125451190618899420805559668"
]
},
"id": "ASB-A-213644870-74f915ea",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/1ff38ab351a617c4870eec236b70932ff2c4473b",
"target": {
"file": "libs/gui/LayerState.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"332381021113198560895429062369073948349",
"44331992766085121825441615548065094219",
"88217928992512580016909342481436155673",
"160599368510002579484529369188586086302"
]
},
"id": "ASB-A-213644870-d16defad",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/1ff38ab351a617c4870eec236b70932ff2c4473b",
"target": {
"file": "libs/gui/include/gui/SurfaceComposerClient.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205641342065023842371091921530500723954",
"278129404744689785468040558095339977043",
"168828413441837664234458638552152734678",
"12733264191246206875023833473909259006",
"321795751002210282708716128041769480703",
"91632105569992995968658733557942439857",
"79537943416717662722743741558961208950",
"157395701064132088622923284380667498154"
]
},
"id": "ASB-A-213644870-e9482da3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/1ff38ab351a617c4870eec236b70932ff2c4473b",
"target": {
"file": "libs/gui/include/gui/LayerState.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"17440762063016278011988741857659065229",
"106802602803923500112653028896911190638",
"335430823114812336836988704439893870037",
"103400400102260454088510578413313457032",
"310169275428447047405242217820035451",
"240320211232283025739686553089665140019"
]
},
"id": "ASB-A-213644870-eceff298",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/1ff38ab351a617c4870eec236b70932ff2c4473b",
"target": {
"file": "libs/gui/SurfaceComposerClient.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/1ff38ab351a617c4870eec236b70932ff2c4473b"
],
"types": [
"EoP"
],
"spl": "2022-07-01",
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 639.0,
"function_hash": "83958915429775838570512321188110188733"
},
"id": "ASB-A-213644870-2d1f9dbf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/20303e05bf73796124ab70a279cf849b61b97905",
"target": {
"function": "finishDrawingWindow",
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"109308593953997389863375467451930133254",
"94699768790438915482765790682681872288",
"110023916072507408757555310022252388335",
"215111910697632882604036026239049292193"
]
},
"id": "ASB-A-213644870-3ba944f6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/20303e05bf73796124ab70a279cf849b61b97905",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"206710912623225518822118118418562316887",
"308209011028749043628053711427160371938",
"12209304743745958707138099709119970222",
"292317412448276784155305856665001322196",
"291314025743564295420860371659408652795",
"314047888469450165801136092425354257071",
"189991891994099775720685819681100013572"
]
},
"id": "ASB-A-213644870-480a01eb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/20303e05bf73796124ab70a279cf849b61b97905",
"target": {
"file": "core/java/android/view/SurfaceControl.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10283689925970767745039467515145839613",
"262447069286773819783877630469413526772",
"42710371276610711414791601201715173153",
"149154735167034948074364255221988351201",
"291211340028722230894985854103626517125",
"117274481847790116195683706567649776575",
"214026053996811510671851429925048764"
]
},
"id": "ASB-A-213644870-a62fa883",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/20303e05bf73796124ab70a279cf849b61b97905",
"target": {
"file": "core/jni/android_view_SurfaceControl.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/20303e05bf73796124ab70a279cf849b61b97905"
],
"types": [
"EoP"
],
"spl": "2022-07-01",
"severity": "High"
}
Android / platform/frameworks/native
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"332381021113198560895429062369073948349",
"44331992766085121825441615548065094219",
"88217928992512580016909342481436155673",
"160599368510002579484529369188586086302"
]
},
"id": "ASB-A-213644870-20040708",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/ade0d07ba1ae18d9aee25b22ff6ef49599217f67",
"target": {
"file": "libs/gui/include/gui/SurfaceComposerClient.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"158316474625177380927379967336735792071",
"210021420014394732488362221031205883846",
"331030268047125451190618899420805559668"
]
},
"id": "ASB-A-213644870-3e24d18f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/ade0d07ba1ae18d9aee25b22ff6ef49599217f67",
"target": {
"file": "libs/gui/LayerState.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205641342065023842371091921530500723954",
"278129404744689785468040558095339977043",
"168828413441837664234458638552152734678",
"12733264191246206875023833473909259006",
"321795751002210282708716128041769480703",
"91632105569992995968658733557942439857",
"79537943416717662722743741558961208950",
"157395701064132088622923284380667498154"
]
},
"id": "ASB-A-213644870-4c807467",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/ade0d07ba1ae18d9aee25b22ff6ef49599217f67",
"target": {
"file": "libs/gui/include/gui/LayerState.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"17440762063016278011988741857659065229",
"106802602803923500112653028896911190638",
"335430823114812336836988704439893870037",
"103400400102260454088510578413313457032",
"310169275428447047405242217820035451",
"240320211232283025739686553089665140019"
]
},
"id": "ASB-A-213644870-575bf847",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/ade0d07ba1ae18d9aee25b22ff6ef49599217f67",
"target": {
"file": "libs/gui/SurfaceComposerClient.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/ade0d07ba1ae18d9aee25b22ff6ef49599217f67"
],
"types": [
"EoP"
],
"spl": "2022-07-01",
"severity": "High"
}